COPY is used instead of ADD in Dockerfiles

docker

Classification:

compliance

Framework:

cis-docker

Control:

4.9


Description

You should use the COPY instruction instead of the ADD instruction in the Dockerfile.

Rationale

The COPY instruction only copies files and directories from the build context into the image file system. The ADD instruction does more: it can fetch files from remote URLs at build time, and it automatically unpacks local tar archives (including compressed ones) into the destination directory. Those extra behaviours introduce security risks. A remote file is fetched without any integrity check or scanning, and automatic extraction exposes the build to vulnerabilities in the archive-handling code. Because the two instructions look identical for a plain copy, using COPY everywhere also makes it obvious when a Dockerfile really does download or unpack something.

Audit

  1. Run this command to get the list of images: docker images
  2. Run this command against each image in the list above and look for any ADD instructions: docker history --no-trunc <Image_ID> (without --no-trunc the CREATED BY column is cut off, so the source and destination of the instruction may not be visible)

Alternatively, if you have access to the Dockerfile for the image, you should verify that there are no ADD instructions. Note that docker history also lists the layers inherited from the base image, so an ADD reported there may come from the base image rather than from your own Dockerfile; compare against the Dockerfile when one is available.

Remediation

You should use COPY rather than ADD instructions in Dockerfiles.
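The script below is an added example for both the Audit and Remediation sections above; it is not part of the CIS benchmark or of Docker's tooling. It checks a Dockerfile for ADD instructions (handling comments, line continuations and flags such as --chown), checks docker history output for ADD layers in both the legacy-builder and BuildKit forms, and includes a wrapper that runs the two audit steps over every local image. The two Dockerfiles it is exercised against are constructed: the first uses ADD for a remote download and an archive, the second keeps the same behaviour with COPY plus an explicit RUN that pins a digest and unpacks deliberately. The image name, URL, file names and history lines are placeholders.

```shell
#!/bin/sh
# Added example (not part of the CIS benchmark or Docker's own tooling).
# Dockerfiles, URLs, file names and history lines below are constructed.

# find_add_instructions: read a Dockerfile on stdin and print every ADD
# instruction with the line it starts on. Joins backslash-continued lines,
# skips comment and blank lines, matches the keyword case-insensitively
# (so "ADD --chown=..." and "add" are caught, "RUN echo ADD" is not).
# Exit status 1 when at least one ADD was found, 0 when clean.
# Limitation: does not look inside BuildKit RUN heredocs.
find_add_instructions() {
    awk '
        /^[[:space:]]*#/ { next }                        # Dockerfile comment
        {
            if (start == 0) start = NR
            line = line $0
            if (sub(/\\[[:space:]]*$/, "", line)) next     # continued on next line
            if (match(line, /^[[:space:]]*[Aa][Dd][Dd][[:space:]]/)) {
                printf "line %d: %s\n", start, line
                found = 1
            }
            line = ""; start = 0
        }
        END { exit found ? 1 : 0 }
    '
}

# count_add_instructions: same input, prints the number of ADD instructions.
count_add_instructions() {
    find_add_instructions | awk 'END { print NR }'
}

# history_has_add: read `docker history --no-trunc --format '{{.CreatedBy}}'`
# output on stdin and print the layers created by ADD. Covers the legacy
# builder's "/bin/sh -c #(nop) ADD ..." form and BuildKit's "ADD ... # buildkit"
# form. Exit status 1 when an ADD layer was found, 0 when clean.
history_has_add() {
    if grep -E '(^|#\(nop\) +)ADD[[:space:]]'; then return 1; else return 0; fi
}
count_add_layers() {
    history_has_add | awk 'END { print NR }'
}

# audit_local_images: CIS 4.9 audit steps 1-2 over every local image.
# Needs the docker CLI and a running daemon, so the demo below does not call it.
# Layers inherited from the base image are listed too, so an ADD reported here
# may belong to the base image rather than to your own Dockerfile.
audit_local_images() {
    docker images --format '{{.Repository}}:{{.Tag}} {{.ID}}' |
    while read -r name id; do
        if ! docker history --no-trunc --format '{{.CreatedBy}}' "$id" | history_has_add >/dev/null; then
            echo "ADD layer(s) in $name ($id)"
        fi
    done
}

# Constructed "before": ADD fetches an unverified remote file and silently
# unpacks a local archive.
DOCKERFILE_BEFORE='FROM debian:bookworm-slim
# remote file: fetched at build time with no integrity check
ADD https://example.invalid/app-1.2.3.tar.gz /opt/
# local archive: unpacked into the image automatically
ADD vendor.tar.gz /opt/vendor/
ADD --chown=app:app \
    ./config /opt/app/config
COPY entrypoint.sh /usr/local/bin/
CMD ["/usr/local/bin/entrypoint.sh"]'

# Constructed "after": COPY only, with the download and the extraction done
# explicitly in RUN, the tarball checked against a digest passed at build time.
DOCKERFILE_AFTER='FROM debian:bookworm-slim
# expected digest of the release tarball, supplied with --build-arg APP_SHA256=...
ARG APP_SHA256
COPY vendor.tar.gz /tmp/
RUN apt-get update && apt-get install -y --no-install-recommends ca-certificates curl \
 && curl -fsSLo /tmp/app.tar.gz https://example.invalid/app-1.2.3.tar.gz \
 && echo "${APP_SHA256}  /tmp/app.tar.gz" | sha256sum -c - \
 && mkdir -p /opt/app /opt/vendor \
 && tar -xzf /tmp/app.tar.gz -C /opt/app --no-same-owner \
 && tar -xzf /tmp/vendor.tar.gz -C /opt/vendor --no-same-owner \
 && rm -rf /tmp/*.tar.gz /var/lib/apt/lists/*
COPY --chown=app:app ./config /opt/app/config
COPY entrypoint.sh /usr/local/bin/
CMD ["/usr/local/bin/entrypoint.sh"]'

# Constructed docker history output (newest layer first), mixing BuildKit
# lines with legacy-builder lines inherited from the base image.
HISTORY_SAMPLE='CMD ["/usr/local/bin/entrypoint.sh"] # buildkit
COPY entrypoint.sh /usr/local/bin/ # buildkit
ADD https://example.invalid/app-1.2.3.tar.gz /opt/ # buildkit
/bin/sh -c #(nop)  CMD ["bash"]
/bin/sh -c #(nop) ADD file:0123abcd in /'

demo() {
    echo "--- ADD instructions in the original Dockerfile:"
    printf '%s\n' "$DOCKERFILE_BEFORE" | find_add_instructions || true
    echo "--- ADD instructions in the remediated Dockerfile: $(printf '%s\n' "$DOCKERFILE_AFTER" | count_add_instructions)"
    echo "--- ADD layers in the sample history:"
    printf '%s\n' "$HISTORY_SAMPLE" | history_has_add || true
}
demo
```

On a build host, `find_add_instructions < Dockerfile` is the Dockerfile check and `audit_local_images` is the docker history check; both return a non-zero status when an ADD is present, so they can gate a CI job. The remediated Dockerfile keeps the download and the extraction, but each is now a visible RUN step with a digest check, which is what the Impact section below asks you to preserve.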

Impact

Care needs to be taken in implementing this control if the application requires functionality that is part of the ADD instruction, for example, if you need to retrieve files from remote URLs or unpack archives. That functionality can be kept by combining COPY with an explicit RUN step (for example, curl or wget, a checksum verification, then tar), which also makes the download and the extraction visible and auditable in the Dockerfile.

Default value

Not Applicable

References

  1. https://docs.docker.com/engine/userguide/eng-image/dockerfile_best-practices/#add-or-copy

CIS controls

Version 6

18 Application Software Security